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DETAILED ACTION 
Claim Rejections - 35 USC § 101 

1 . 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

2. Claims 12-14, are rejected under 35 U.S.C. 101 because the claimed invention 
is directed to non-statutory subject matter. Claims 12-14 claim a "storage medium 
comprising software" " however the claims do not clearly define a storage medium to be 
a memory/disl<, see Applicant's specification para. 14, lines 5-9, (storage medium can 
be a programmable electronic circuit or any kind of interconnect) and thus "storage 
medium" is considered in the broadest reasonable interpretation of the claim covers 
forms of non-transitory tangible media and transitory propagating signals per se in view 
of the ordinary and customary meaning of computer readable media. 

3. The Examiner suggests Applicant to review the recent memorandum entitled 
"Subject matter Eligibility of Computer readable media" issued on January 16, 2010 
from the Under Secretary of Commerce for intellectual Property and Director of the 
United State Patent and Trademark Office , David J. Kappos 

http://www.uspto.gov/patents/law/notices/101_crm_20100127.pdf) and amend the claim 
to include either limitation "non-transitory" or the disclosed tangible computer readable 
media, while at the same time excluding the intangible media such as signals, carrier 
waves, etc... . 
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Claim Objections 

4. Claim 1 1 is objected to because of tine following informalities: The word 'method' 
should be replaced by the word 'system'. Appropriate correction is required. 

Claim Rejections - 35 USC § 102 

5. The following Is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or In public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

6. Claims 1 -3, 7-8, 11-17 are rejected under 35 U.S.C. 1 02(b) as being anticipated 
by Swimmer et al. (US Pub. 20040255163 A1 ). 

7. Regarding claim 1 , Swimmer discloses a method comprising: receiving in a 
virtual machine contents of a program for creating a virtual environment for interacting 
with a host platform in a computing device (para. 17, 22, 44-45; With the intrusion 
detection system performing the function of a virtual machine, a daemon is 
analogous to a program creating a virtual environment and the operating system 
being analogous to the host platform); and determining by the virtual machine if the 
received contents comprises predetermined instructions for performing at least one 
unauthorized task. (para. 22-23- malicious code strings being analogous to 
predetermined instructions for performing unauthorized tasks) 

8. Regarding claim 2, Swimmer discloses the method of claim 1 , wherein the 
determining if the received contents comprises predetermined instructions further 
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comprises: comparing the received contents of the program to at least one 
predetermined instruction patterns corresponding to the predetermined instructions for 
performing the at least one unauthorized task (para. 22, a pattern filter is used to 
identify malicious code strings); and purging the predetermined instructions from the 
received contents based on the comparing, (para. 15, 17- the malicious code string is 
extracted from the daemon code) 

9. Regarding claim 3, Swimmer discloses the method of claim 2, wherein the 
comparing the contents of the received program to at least one predetermined 
instruction patterns further comprises: searching predetermined locations of the 
received contents of the program for the predetermined instructions, (para. 27, 55, 58, 
the memory location containing a possible infected dameon is scanned) 

10. Regarding claim 7, Swimmer discloses a system comprising: a virtual machine to 
receive contents of a program for creating a virtual environment for interacting with a 
host platform in a computing device (para. 17, 22, 44-45; With the intrusion detection 
system performing the function of a virtual machine, a daemon is analogous to a 
program creating a virtual environment and the operating system being 
analogous to the host platform), the virtual machine comprising a detector subsystem 
to determine if the received contents comprises predetermined instructions for 
performing at least one unauthorized task. (para. 22-23- malicious code strings being 
analogous to predetermined instructions for performing unauthorized tasks) 
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1 1 . Regarding claim 8, Swimmer discloses the system of claim 7, wherein the 
detector subsystem is to purge the predetermined instructions from the received 
contents of the program, wherein the detector subsystem further comprises :a 
comparator logic to compare the received contents of the program to at least one 
predetermined instruction patterns corresponding to the predetermined instructions for 
performing the at least one unauthorized task (para. 22, a pattern filter is used to 
identify malicious code strings); and a search logic to search predetermined 
locations of the received contents of the program for the predetermined instructions, 
(para. 15, 17- the malicious code string is extracted from the daemon code) 

1 2. Regarding claim 1 1 , Swimmer discloses the method of claim 8, wherein the at 
least one predetermined instruction patterns are stored in a database in communication 
with the virtual machine. (Fig. 2, element 21, para. 60-61) 

1 3. Regarding claims 12-14, they merely recite a computer program that when 
executed, performs the functional steps of method claims 1-3, and thus, rejected for the 
same rationale. 

14. Regarding claim 15, Swimmer discloses a method comprising: receiving a 
system call for a host platform in communication with a virtual machine of a computing 
device (para. 17- system calls are monitored); and determining by the virtual machine 
if the received system call comprises at least one predetermined system call for 
performing at least one unauthorized task. (para. 17- system call patterns examined 
for non-normal behavior) 
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1 5. Regarding claim 1 6, Swimmer discloses the method of claim 1 5, wherein the 
determining if the received system call comprises predetermined system call further 
comprises: comparing the system call to at least one predetermined system call 
patterns corresponding to the predetermined system calls for performing the at least 
one unauthorized task. (para. 17) 

16. Regarding claim 1 7, Swimmer discloses the method of claim 1 6, wherein the 
unauthorized task comprises: a task predetermined to be an inhibitive task by the 
computing device; and a task to output data into memory regions storing at least one of 
instructions and data for operations of the virtual machine, (para. 52- eg. The 
malicious code string being instructions to jump to code which 'spawns a shell' 
program) 



Claim Rejections - 35 USC § 103 

1 7. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or deschbed as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the phor art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

18. Claims 4-6 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Swimmer as applied to claim 2 above, and further in view of Altman et al. (US Pub. 

20040044880 A1). 

1 9. Regarding claim 4, Swimmer discloses the method of claim 2, but is silent on the 
program to be examined for unauthorized instructions residing in a translation cache 
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and checking branch targets as recited in claim 4. However, Altman discloses a virtual 
machine manager which translates a portion of the virtual machine code and stored in a 
translation cache, (para. 28-31) In addition, Altman discloses checking whether a 
branch within the translated code branches outside to untranslated code. (Fig. 1, para. 
33) Therefore, taking the combined teachings of Swimmer and Altman as a whole, It 
would have been obvious to one of ordinary skill in the art at the time of the Invention to 
utilize a translation cache for storing and checking the program contents for 
unauthorized code since it allows for faster future use of the code. 

20. Regarding claim 5, the combination of Swimmer and Altman discloses the 
method of claim 4, further comprising: generating checking and determining Instructions 
for performing the checking the branch target and determining if the checked branch 
target comprises at least one of a translation cache and the execution engine. (Altman- 
para. 28- 31, interpretation and compilation instructions) 

21 . Regarding claim 6, the combination of Swimmer and Altman discloses the 
method of claim 2, wherein the virtual machine comprises an execution engine and at 
least one interpret function invoked by the execution engine, wherein the contents of the 
program reside in the at least one interpret function. (Altman- para. 28-32, 38) 

22. Regarding claims 9-10, they are rejected as applied to claims 4-6 because a 
corresponding system would have been necessitated to carry forth the method steps of 
claims 4-6. The applied prior art also discloses the corresponding architecture. 
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23. Claim 18 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Swimmer further in view of Draves (US 5,873,124). 

24. Regarding claim 18, Swimmer discloses a method comprising: receiving a 
virtualized memory address for a host platform in communication with a virtual machine 
of a computing device; and determining by the virtual machine if the received virtualized 
memory address comprises at least one predetermined unauthorized virtualized 
memory address, (para. 17, 45). However, Swimmer is silent on explicitly utilizing 
virtualized memory address. However, virtualized memory addresses are notoriously 
well known and used in the art as evidenced by Draves (see abstract). Therefore it 
would have been obvious to one of ordinary skill in the art at the time of the invention to 
utilize it in the teachings of Swimmer to allow program code to be compiled as though 
each process will enjoy exclusive access to the entire memory address space. 

25. Claims 19-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Swimmer and Draves as applied to claim 18 above, and further in view of Altman et al. 
(US Pub. 20040044880 A1). 

26. Regarding claim 19, the combination of Swimmer and Draves discloses the 
method of claim 18, but is silent on the virtual machine further comprising at least one of 
a translation cache to store translation data; an execution engine; and at least one 
interpret function invoked by the execution engine. However, Altman discloses a virtual 
machine manager which translates a portion of the virtual machine code and stored in a 
translation cache, (para. 28-31). In addition, Altman discloses an execution engine and 
at least one interpret function invoked by the execution engine (para. 28-32, 38) 
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Therefore, taking the combined teachings of Swimmer, Draves and Altman as a whole, 
it would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a translation cache for storing and checking the program contents for 
unauthorized code since it allows for faster future use of the code. 
27. Regarding claim 20, the combination of Swimmer, Draves and Altman discloses 
the method of claim 19, wherein the determining by the virtual machine if the received 
virtualized memory address comprises at least one predetermined unauthorized 
virtualized memory address comprises: determining if the virtualized memory address is 
in a memory space available to the translation cache (Altman- para. 28-32); 
determining if the virtualized memory address is in a memory space available to the at 
least one interpret function (Altman- para. 28-32); and determining if the virtualized 
memory address is in a memory space region storing at least one of instructions and 
data for operations of the virtual machine. (Altman- para. 28-32) 



Conclusion 

28. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. Worley, Jr. (US Pub. 20070106986 A1) for a secure virtual 
machine monitor utilizing a translation cache. Schmid et al. (US Pub. 20050223238 A1) 
for identifying malicious code features in an executable file. Koryakin et al. (US 
7,555,592 B1) and Dobrovolskiy et al. (US 7,647,589 B1) for identifying and preventing 
unsafe instructions within a virtual machine environment. Williamson et al. (US Pub. 
20090049552 Al ) for removing malicious code from computers. Song et al. (US Pub. 
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20060143707 A1 ) for detecting and removing malicious codes including looking at 
system calls. Van der Made (US Pub. 20080320595 A1 ) for identifying malicious code 
in a virtualized environment. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to WILLIAM CORUM whose telephone number is (571) 
270-5195. The examiner can normally be reached on Monday through Friday 7:30 a.m. 
- 5:00 p.m., every other Friday off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Krista Bui can be reached on 571-272-7291 . The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/KIEU-OANH BUI/ WILLIAM CORUM 

Supervisory Patent Examiner, TC 2400 Examiner, Art Unit 2433 



